Richard Bejtlich's blog on digital security, strategic thought, and military history.

Tuesday, September 16, 2003

Verisign -- "The Value of Trust"?

I can't believe the stunt Verisign is pulling now. The screen shot says it all. Essentially, all nonexistent domain names are resolving to 64.94.110.11, which itself resolves to sitefinder-idn.verisign.com. I learned about this issue through the NANOG (North American Network Operators Group), Slashdot, this article, and Verisign's "notification". The talk I've seen involves sitefinder.verisign.com, but that resolves to 12.158.80.10 for me. I even queried an authoritative domain name server for 64.94.110.11 (ns1.pnap.net, which handles the 94.64.in-addr.arpa domain). Some have said ISPs are already null-routing 64.94.110.11.

I think this post makes a good case for review of Verisign's actions. This is not how an administrator for the two most important generic top-level domains should act!
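A check for the behaviour described above, as an added example that is not part of the original post: it probes random, unregistered names under a TLD and reports any address they all resolve to, then uses that to restore a "does this name exist" test. The function names and the `simulated_resolver` stand-in (constructed data, no network) are assumptions; `system_resolve` would be used against a live resolver.

```python
import secrets
import socket

def system_resolve(name):
    """IPv4 addresses from the OS resolver; empty set when the name does not exist."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def detect_wildcard(tld, resolve=system_resolve, probes=3):
    """Resolve random, practically unregistered names under `tld`.

    Returns the addresses common to every probe. An empty set means at
    least one probe got no answer, i.e. the zone still reports NXDOMAIN.
    """
    common = None
    for _ in range(probes):
        addrs = set(resolve(f"{secrets.token_hex(16)}.{tld}"))
        if not addrs:
            return set()
        common = addrs if common is None else common & addrs
    return common

def name_exists(name, wildcard_addrs, resolve=system_resolve):
    """Existence check that treats a wildcard-only answer as NXDOMAIN."""
    return bool(set(resolve(name)) - set(wildcard_addrs))

def simulated_resolver(name):
    """Constructed stand-in for a resolver during the wildcard period (no network)."""
    registered = {"example.com": {"192.0.2.10"}}  # constructed sample record
    if name in registered:
        return registered[name]
    if name.endswith((".com", ".net")):  # the two gTLDs Verisign operates
        return {"64.94.110.11"}  # address quoted in the post
    return set()

if __name__ == "__main__":
    for tld in ("com", "net", "org"):
        wild = detect_wildcard(tld, resolve=simulated_resolver)
        print(tld, "wildcard ->", sorted(wild) if wild else "none")
    wild = detect_wildcard("com", resolve=simulated_resolver)
    print(name_exists("example.com", wild, simulated_resolver))          # True
    print(name_exists("no-such-name-zz.com", wild, simulated_resolver))  # False
```

Anything that relies on a failed lookup to mean "no such domain" can run `detect_wildcard` once per TLD and pass the result to `name_exists`.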